Auth
Authentication vs Authorisation: Confirming users are who they say they are and assigning what users can do and access
MAC/DAC/RBAC
For authentication and authorisation, logical access control can be mandatory, discretionary or role-based
Assurance vs Control
Proactive vs reactive approaches to putting good things in and taking bad things out of testing processes to assure and control testing quality